Urgent Tech Update – Critical Vulnerability in Windows DNS Server

Windows DNS Server Remote Code Execution Vulnerability

A remote code execution vulnerability exists in Windows Domain Name System servers when they fail to properly handle requests. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the Local System Account. Windows servers that are configured as DNS servers are at risk from this vulnerability.

To exploit the vulnerability, an unauthenticated attacker could send malicious requests to a Windows DNS server.

The update addresses the vulnerability by modifying how Windows DNS servers handle requests.

 

Workarounds

The following registry modification has been identified as a workaround for this vulnerability.

  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters 
  DWORD = TcpReceivePacketSize 
  Value = 0xFF00

Note: The DNS service must be restarted for the change to take effect.

Please see 4569509 for more information.

To remove the workaround

After applying the patch, the admin can remove the value TcpReceivePacketSize and its corresponding data so that everything else under the key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters remains as before.
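
The workaround above and its later removal, scripted in PowerShell as an added example (not part of the original advisory and not Microsoft's own code). It assumes an elevated session on the DNS server and that the DNS Server service is registered under the service name DNS; the -Action parameter and the Get-Workaround helper are hypothetical names.

```powershell
# Added example: check, apply, or remove the TcpReceivePacketSize workaround.
# Run from an elevated PowerShell session on the DNS server itself.
param(
    [ValidateSet('Check', 'Apply', 'Remove')]
    [string]$Action = 'Check'
)

$Key   = 'HKLM:\SYSTEM\CurrentControlSet\Services\DNS\Parameters'
$Name  = 'TcpReceivePacketSize'
$Value = 0xFF00   # value given in the advisory

function Get-Workaround {
    # Returns the current DWORD, or $null when the value is absent.
    (Get-ItemProperty -Path $Key -Name $Name -ErrorAction SilentlyContinue).$Name
}

switch ($Action) {
    'Apply' {
        # -Force overwrites an existing value with the same name.
        New-ItemProperty -Path $Key -Name $Name -PropertyType DWord `
            -Value $Value -Force | Out-Null
        # The advisory requires a DNS service restart for the value to apply.
        Restart-Service -Name DNS -Force   # assumed service name: DNS
    }
    'Remove' {
        # Intended for use only after the security update is installed.
        if ($null -ne (Get-Workaround)) {
            # Deletes only this value; the rest of the key is untouched.
            Remove-ItemProperty -Path $Key -Name $Name
            # Assumption: restart so the service re-reads its parameters.
            Restart-Service -Name DNS -Force
        }
    }
}

# Report the resulting state for every action, including a plain Check.
$current = Get-Workaround
if ($null -eq $current) {
    Write-Output "$Name is not set (workaround not applied)."
} elseif ($current -eq $Value) {
    Write-Output ('{0} = 0x{1:X} (workaround in place).' -f $Name, $current)
} else {
    Write-Output ('{0} = 0x{1:X}, expected 0x{2:X}.' -f $Name, $current, $Value)
}
```

Running it with no arguments only reports the current state, which makes it usable as an audit step across several DNS servers before and after patching.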

 

Security Updates

To determine the support life cycle for your software version or edition, see the Microsoft Support Lifecycle.

 
